[PATCH] lsm: Fix the crash issue in xfrm_decode_session

Feng Yang yangfeng59949 at 163.com
Wed Apr 22 06:39:21 UTC 2026


On Mon, 13 Apr 2026 13:39:18 -0400, Stephen Smalley wrote:

[...]
> > This BUG_ON was first mentioned in [1], but I could not find any explanatory record of why this check is needed.
> >
> > [1] https://lore.kernel.org/all/Pine.LNX.4.64.0607122149070.573@d.namei/
> >
> > In the existing LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
> > when the `ckall` parameter of the `selinux_xfrm_decode_session` function is 0,
> > it can only return 0 and will not trigger BUG_ON.
> > Therefore, remove the BUG_ON check to fix this issue.
> >
> > Reported-by: Kaiyan Mei <M202472210 at hust.edu.cn>
> > Reported-by: Yinhao Hu <dddddd at hust.edu.cn>
> > Closes: https://lore.kernel.org/all/4c4d04ba.6c12b.19c039b69e6.Coremail.kaiyanm@hust.edu.cn/
> > Signed-off-by: Feng Yang <yangfeng at kylinos.cn>
> 
> Reviewed-by: Stephen Smalley <stephen.smalley.work at gmail.com>
> 
> With the proviso that we likely ought to follow up with a clean-up
> that introduces a separate skb_classify_flow LSM hook that returns
> void so we don't awkwardly ignore errors below and defer handling to
> the individual security module.

Thank you for your review. Should the follow-up cleanup optimization for
adding a separate skb_classify_flow hook be submitted after this patch is merged?

> > ---
> >  security/security.c | 5 +----
> >  1 file changed, 1 insertion(+), 4 deletions(-)
> >
> > diff --git a/security/security.c b/security/security.c
> > index 67af9228c4e9..198f650070da 100644
> > --- a/security/security.c
> > +++ b/security/security.c
> > @@ -4991,10 +4991,7 @@ int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
> >
> >  void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
> >  {
> > -       int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid,
> > -                              0);
> > -
> > -       BUG_ON(rc);
> > +       call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid, 0);
> >  }
> >  EXPORT_SYMBOL(security_skb_classify_flow);
> >  #endif /* CONFIG_SECURITY_NETWORK_XFRM */
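Review bot: in security_skb_classify_flow() the return value of call_int_hook(xfrm_decode_session, ...) is now dropped with no comment saying why that is safe. The commit message's argument (selinux_xfrm_decode_session can only return 0 when ckall is 0) covers one hook implementation only. If any other implementation returns an error, the caller proceeds with whatever is in flic->flowic_secid and gets no indication of the failure. Please add a short comment at the call stating that errors are intentionally ignored here, and consider setting flic->flowic_secid to a defined value when the hook returns nonzero, until the void skb_classify_flow hook suggested in review exists.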
> > --
> > 2.43.0



